terraform-provider-postgresql
terraform-provider-postgresql copied to clipboard
Published
20 hours ago •
hashicorp
hashicorp
bug: postgresql_default_privileges not idempotent
Affected resources
- postgresql_default_privileges
Description
When used with priviledges = ["ALL"] the resource is not idempotent
resource "postgresql_default_privileges" "priv-sequence-for-user" {
database = "${var.db}"
owner = "${var.db}_owner"
role = "${var.db}_user"
schema = "public"
object_type = "sequence"
privileges = ["ALL"]
depends_on = ["postgresql_database.db"]
}
resource "postgresql_default_privileges" "priv-table-for-user" {
database = "${var.db}"
owner = "${var.db}_owner"
role = "${var.db}_user"
schema = "public"
object_type = "table"
privileges = ["ALL"]
depends_on = ["postgresql_database.db"]
}
On each plan/apply run it shows that it plans to make this modifications:
~ postgresql_default_privileges.priv-sequence-owner
privileges.#: "3" => "1"
privileges.1759376126: "UPDATE" => ""
privileges.2914988887: "" => "ALL"
privileges.3138006342: "SELECT" => ""
privileges.666868928: "USAGE" => ""
~ postgresql_default_privileges.priv-table-for-user
privileges.#: "7" => "1"
privileges.1759376126: "UPDATE" => ""
privileges.2491494563: "REFERENCES" => ""
privileges.2602342604: "TRUNCATE" => ""
privileges.2914988887: "" => "ALL"
privileges.3138006342: "SELECT" => ""
privileges.3404380929: "DELETE" => ""
privileges.623833415: "TRIGGER" => ""
privileges.892623219: "INSERT" => ""
Version
Terraform v0.11.13 provider from current HEAD
Thanks for raising this issue @zytek .
Indeed I never tested/used it with ALL privileges. I'll try to take a look as soon as I can.
FYI this also happens on postgresql_grant:
# module.db_postgres.postgresql_grant.admin will be updated in-place
~ resource "postgresql_grant" "admin" {
database = "x"
id = "x"
object_type = "table"
~ privileges = [
+ "ALL",
]
role = "x"
schema = "public"
}
Do we have any updates on this issue? I'm using the version v1.6.0 and I still see the problem.
